[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

devotee predictable random numbers (was: General Resolution: Diversity statement results)

On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
>         Once I get my act together again, I have devotee v 2.0 that I
>  think is generally useful enough to package, since I have moved it to a
>  command pattern based workflow, and thus people may add modules (check
>  gpg sigs) or remove tham (no ldap checks), and move the action noides
>  around at will (do  gpg checks _after_ ldap checks)

Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
fixed now in devotee?

Reply to: